The learning objectives for the course are for learners to develop competence in information systems (IS) assurance by learning to:

1. Develop assurance objectives for risks of information systems.
2. Design assurance procedures.
3. Implement assurance procedures with software tools.
4. Communicate assurance results.
5. Collaborate with others to achieve these objectives.

The strategy for achieving the learning objectives is to learn by doing, i.e., by experiencing the work of IS auditors. This strategy is designed to enable learners to develop the ability to recognize organizational situations for which IS assurance would help achieve organizational goals and to participate in the planning, development, and implementation of assurance services in highly automated contexts.

Course schedule

1. Focus on IT auditing
2. Examine learning objectives; publish learningProgress.htm
3. Check querying proficiency
4. Refresh querying proficiency: Car maker/car dealer case

1. Satisfy the Computer Skills Prerequisites
2. Refresh querying skills
3. Analyze risks for a warranty call center
4. Consider SOX Section 404 compliance
5. Prepare questions about the Warranty Call Center case

1. Check prerequisite completion
2. Find help for Access
3. Consider Auditing Standard No. 2
4. Begin work on the Warranty Call Center case; answer sample questions

1. Finish querying the Warranty Call Center case; prepare and publish the analysis
2. Inspect PCAOB's revised guidance for AS 2 (5/16/05)
3. Consider querying for computer-assisted audit techniques (CAATs)
4. Prepare questions about the Wireless Billing case

1. Consider PCAOB's revised AS 2 guidance (5/16/05)
2. Warranty Call Center case: Reflect on querying; examine analysis
3. Introduce Wireless Billing case

1. Inspect PCAOB's AS 5
2. Develop expertise in preparing BPDs
3. Prepare and publish a BPD for the Wireless Billing case

1. Consider PCAOB's AS 5
2. Represent business processes graphically
3. Answer Wireless Billing case practice questions
4. Consider the implications of graphical representations of business processes

1. Analyze the Wireless Billing case; prepare and publish the analysis
2. Prepare to answer questions about the Wireless Billing case
3. Consider differences in evaluating internal control pre- and post-SOX
4. Prepare questions about the Eticket case

1. Wireless Billing case: Answer question set
2. Compare pre- and post-SOX internal control
3. Introduce Eticket audit program

Eticket audit program:

1. Prepare and publish BPDs
2. Prepare and publish audit program for "existence" only

1. Distinguish between financial statement assertions
2. Work through Eticket audit program, part 1 (existence only)

1. Eticket audit program: Develop and publish whole audit program
2. Consider the role and application of analytical procedures
3. Prepare questions about the Threadchic case

1. Examine eticket audit program
2. Consider applications of analytical procedures
3. Introduce Threadchic case

1. Threadchic
   1. Prepare and publish BPD
   2. Develop audit objectives
2. Consider the role and implementation of CAATs

1. Threadchic case: Answer readiness questions and discuss nuances of the audit
2. Computer-assisted audit techniques (CAATs)

1. Threadchic
   1. Prepare and publish audit program and results
   2. Prepare to answer questions about Threadchic's audit
2. Examine Organofood case: System development audit

1. Introduce Organofood team project and form teams
2. Threadchic: Answer question set
3. Assess participation of class members

1. Consider system development and change control pitfalls
2. Organofood
   1. Plan team collaboration
   2. Begin work on the audit

1. Debrief Threadchic
2. Consider system development and change control pitfalls
3. Organofood
   1. Interview Derilo about system development
   2. Answer readiness questions
   3. Work in teams

1. Explore the wages of inattention to installing ERP systems
2. Work on Organofood audit in teams

1. Explore the wages of inadequate ES systems
2. Continue work on Organofood

1. Finish and publish Organofood audit program and results
2. Prepare questions for PWC facilitators

Interview auditors from PriceWaterhouseCoopers on SOX compliance and the practice of IT audit

1. Examine the potential roles of continuous auditing
2. Prepare questions about the PC-Now case

Continuous auditing

1. Examine roles
2. Design a proof of concept

PC-Now

1. Assimilate requirements and materials
2. Prepare to answer readiness questions

PC-Now

1. Answer readiness questions
2. Make sense of requirements and materials
3. Work in teams

1. PC-Now project
   1. Work on PC-Now In teams
   2. Prepare and publish an audit program for PC-Now
2. Prepare questions about the final exam case (available 11/27)

1. PC-Now
   1. Answer question set
   2. Evaluate projects
2. Assess participation of class members
3. Make sense of final exam business situation

Prepare for final exam

1. Develop audit objectives
2. Query the database

The course is offered as collaborative learning in which learners collaborate in seeking knowledge and principles and applying them for solving problems. In this approach to learning, learners recognize pertinent knowledge not because the teacher identifies it beforehand but because learners realize they need it to make progress solving a problem. Between class sessions, conversations can continue electronically on the discussion board in WebCT.

Learner-directed learning, rather than teacher-directed learning, is appropriate for this course because of the problem-solving demands that learners will encounter in their roles as business, accounting, or assurance professionals. Because of the short half-life of knowledge about information systems (IS) assurance, it is more important to learn how to solve problems rather than to learn what you might need to know right now about IS assurance. For example, as they reengineer business processes, organizations are discarding transaction-based audit trails on which almost all of assurance has been based. This change in the environment means that assurors must develop assurance approaches that rely on internal control rather than on testing individual transactions. Achieving this is a new problem for assurors, which Acct 8630 helps people learn to solve.

The best research on how people learn shows that people learn better when they work through alternative solutions than when they merely absorb a completed solution. Confronting the impasse of a failed alternative prompts one to recognize why that alternative is deficient, which is essential practice for evaluating alternatives later on the job, when the teacher is no longer available. Collaborative learning on-line makes it easy for self-forming teams to bring a variety of talents to bear on problems, a practice called swarming. Because they have different talents and perspectives, team members together can solve problems that they could not solve alone. A problem-solving focus fosters learning by promoting learners' consideration of more information and more alternatives for solving problems and creating a community-of-practice in the class that promotes learner participation rather than passive acquisition of knowledge.

A reason for learners assuming the responsibility for their learning is so that when the facilitator is no longer available, e.g., after the course is over, learners have become capable of determining what they need to learn and how to go about it to solve the next new problem. When you work for and with others, they will be delighted with your ability to learn to do the things that help achieve organizational goals. When you work for yourself, you will be delighted with your ability to learn the things that will help you achieve your goals. This is what "lifelong learning" means. This course can be a gateway to your lifelong learning.
[contents]

Team collaboration. Some teams work well from the very beginning, which enables them to be very productive. Most teams, however, discover that they wish that their internal processes enabled them to be more productive. If this describes your team, consider these learning phases as a way to organize your team efforts.

Participating in discussion: In class sessions and on the discussion board

Participate in discussions in class, in team sessions, and on the discussion board by (1) entering comments and questions and (2) commenting on the work of others. Seek out resources (web and non-web) that pertain to class topics and share them as appropriate during discussions (on the discussion board and in class and team sessions). Participation quality will be evaluated according to these criteria.

Participate in a substantive way. Participate in class and team discussions by commenting on others' work for the purpose of helping to improve it. This kind of participation may be uncomfortable at first if prior courses have not featured much of this kind of participation. Imagine yourself in a work setting in which your organization's survival (and hence your continued employment there) depends on your team improving its products or services substantially. No improvement will be possible if everyone is bashful and refrains from commenting on the work. Intel's name for the process of vetting ideas by challenging them is constructive confrontation (in the section Do you aggressively cultivate new ideas?) In this process, poking holes and finding weaknesses is a way of testing ideas while they are still ideas. Thus, when you are asked to defend an idea, the challenge is not an indication that the idea is a poor one but that the questioner is bestowing a gift--an attitude of honesty about the idea for the purpose of exploring and testing it. This linguistic ritual may seem threatening at first, but it can be a very powerful way to learn. (For more about linguistic matters, see Tannen, The power of talk: Who gets heard and why: pdf)

A human tendency is to refrain from pointing out flaws (it is important to identify flaws because a flaw is unlikely to be remedied if it is never identified) on the grounds that doing so might hurt someone's feelings. But we need not be personal in our comments about real or perceived flaws. Therefore, you are just as responsible for discussing others' ideas in class as you are for presenting your own. This is a substantial commitment for people not accustomed to behaving this way, but learning to do so is likely to enable you to be much more successful, in this class and in your career. Here are some productive ways we can pose comments:

1. "I believe this assurance procedure would give better evidence for the assurance objective if . . . because . . ." Focusing on the work or the ideas in the work will let us avoid hurting someone's feelings unintentionally.
2. "What would this audit procedure detect in the following situation?..." Here, we are running a thought experiment, imaging whether an audit procedure would or would not be successful in a given circumstance.

This kind of critiquing is not a matter of things not being right in their current state but "it is a matter of pointing out on what kinds of assumptions, what kinds of familiar, unchallenged, unconsidered modes of thought the practices that we accept rest...Criticism is a matter of flushing out that thought and trying to change it: to show that things are not as self-evident as one believed, to see that what is accepted as self-evident will no longer be accepted as such" (Foucault, M.1988, Practicing criticism (trans. A. Sheridan et al.). In L. D. Kritzman, ed., Politics, Philosophy, Culture: Interviews and Other Writings, 1977-1984, 154-155. New York: Routledge).

Participate in discussion board postings. The discussion board is a way to continue discussions between class sessions. Discussion board postings could be directly related to readings/assignments or generally related to the area of IS assurance. The discussion board is a way for you to ask questions related to readings/assignments between class sessions. Preparing and responding to discussion board postings are ways to develop competence in IS assurance. For example, you might point the class to a Wall Street Journal article (or articles in other sources in the business press) relevant to the course and explain why it's relevant. You can respond to other's posts, asking questions about the things that puzzled you and clarifying things that seemed unclear. Sometimes, articles in the business press explain enough about a business context to make it amenable to our identifying risks in the situation and thinking through how to provide needed IS assurance.
[contents]

Acct 8630 in Curricula

[The items in the following paragraph are available through this link to the 2005-06 GSU Graduate Catalog at the paragraph number cited.]

Acct 8630 is a required course in the MPA Accounting Systems Specialization (7250) and an elective course in other MPA specializations and other master's programs in the Robinson College of Business. Students at other universities may take the course as transient students (7140). Non degree-seeking students may enroll as postgraduate students (7130) if they have an undergraduate degree from the Robinson College of Business or as non degree students (7130) if they have a business undergraduate degree or its equivalent from an accredited university. The Robinson College of Business follows a self-managed application process (7110.20) with these application date deadlines (7110.10).

Prerequisites

1. Computer Skills Prerequisites (CSP): 1, 2, 3, 4, 5, 6, 7, 8
2. One of the following courses:
   1. CIS 3210 End User Applications Programming: This course provides an introduction to the assisting of end users of computer systems in developing their own special purposes applications. The emphasis in the course is on acquiring programming skills in one fourth-generation language and one interactive third-generation language. These skills are required in order to develop the technical capability to assist end users. Topics covered include end user computing versus traditional systems development; Rapid Application Development; Prototyping; Fundamentals of the Paradox Application Language (PAL); Fundamentals of the Visual Basic Programming Language.
   2. CIS 3260 Introduction to Programming in C/C++: This course provides an introduction to structured programming using the C and C++ languages. Emphasis is placed upon the development of correct, efficient programs that are easy to maintain. Topics include problem analysis, program design, documentation, testing and debugging. Basic features of the C and C++ programming languages such as data types, control structures, functions, arrays, pointers, and strings are covered.
3. One of the following courses:
   1. Acct 4610 Assurance Services: This course develops students' knowledge of auditing, attest, and assurance services in traditional and e-business environments. Topics include the role of such services in society, evidence relevance and reliability, materiality, risk and control, information integrity, and methods of verification.
   2. Any CIS 8000-level course

If you need more experience with desktop software such as Microsoft Office Access or Excel, Web browsers, or HTML editors, Georgia State offers eTraining, Web-based training for PC software, available from anywhere anytime and downloadable to your machine.

If you want to take the course but are not a Georgia State student, contact a master's admissions coordinator in the Robinson College of Business Office of Graduate Admissions and Student Services.

Course resources

1. On-line resources. Course materials linked to the weekly agenda pages. Copyrighted materials are password protected, in accordance with the Regents' Guide to Understanding Copyright and Educational Fair Use.
   
   
2. Microsoft Access and web pages on Access: Querying assignments require use of Microsoft Access. We use Access because using it develops your expertise with relational database systems and querying them, skills that are fundamental to learning to use audit software such as ACL and IDEA, database systems such as SAP, Oracle, and PeopleSoft, and analysis programs such as SAS, Crystal Reports, and AS/400 Query. Search for documentation on Access topics with, for example, google.com, ask.com, yahoo.com.
   
   
3. Text: Hunton, J. E., S. M. Bryant, and N. A. Bagranoff (abbreviated "Hunton"). 2004. Core concepts of Information Technology Auditing. Hoboken, NJ: Wiley.
   
   
4. Business press: The Wall Street Journal (WSJ). The instructor will provide subscription information in class if you want to subscribe. Subscriptions come in two forms: paper copies mailed or delivered to you and web access to WSJ Interactive. If early morning delivery is available to your address (and you want it), call 1-800-568-7625 to request it after your paper copies begin arriving. Have a mailing label available before you call.
   
   Reading the WSJ will help you:
   1. Learn how business people think, feel, and act.
   2. Learn about information systems from two perspectives:
      1. Systems that are dysfunctional in some way. These systems are candidates for thinking through how the dysfunctional aspects could have been avoided with the appropriate application of audit skills or system development approaches.
      2. Situations for which information systems (IS) audit/assurance techniques would be appropriate. For these, we can be creative in developing effective audit/assurance approaches.
   3. Convince potential employers that you are knowledgeable about accounting, business, information systems, the integration of accounting and systems, and the audit and control of information systems.
      
      
5. Dictionaries: An 11,000-entry encyclopedia of computing definitions is available in TechEncyclopedia. An on-line dictionary is available at Merriam-Webster, which includes pronunciation. It's okay not to know a word or acronym. It's not okay the let the condition persist when you could look it up online!

Web, uLearn, and email use

For links to information on professional and career matters, e.g., professional certification and affiliation relevant to the practice of information systems assurance and career-related aspects, see professional/career matters.
[contents]